Thursday, December 5, 2024
HomeComputer SecurityAPT28 Hacking Group Attacking Sporting Organizations Around the World Using Custom Malware

APT28 Hacking Group Attacking Sporting Organizations Around the World Using Custom Malware

Published on

SIEM as a Service

Microsoft warns of cyberattacks targeting anti-doping authorities and sporting organizations around the world. The group active since 2004 and they target government, military, and security organizations.

According to the Microsoft report, more than 16 national and international sporting and anti-doping organizations were targeted since September 16th.

The group is attributed to the Russian government, the group has a practice of registering looks like legitimate domains associated with news, politics, or other websites.

- Advertisement - SIEM as a Service

Microsoft said some of the attacks were successful, but most of the attacks are not successful. The attack found similar to the previous attack on various organizations.

APT28 group uses various attack methods such as spear-phishing, password spray, exploiting internet-connected devices and open-source malware.

The group uses several malware to attack victim’s and their primary malware is called Sofacy, the malware uses two primary components.

Trojan.Sofacy – Basic reconnaissance on an infected computer and drop another malware.
Backdoor.SofacyX – It is another malware using to steal the data from the infected computer.

The group has a history of targeting such organizations, in 2016 & 2018 the group targets various sporting organizations and anti-doping officials. The group released the stolen medical records online.

As the world looks forward with anticipation of the Tokyo Summer Games in 2020, we thought it important to share information about this new round of activity, read Microsoft blog post.

The group was supported by many developers and they used to update their tools since 2007. the group employs RSA encryption to protect files and stolen information.

Microsoft also notified that all customers targeted in these attacks and has worked with those who have sought our help to secure compromised accounts or systems.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity and hacking news updates.

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

One Identity Named Winner of the Coveted Top InfoSec Innovator Awards for 2024

One Identity named Hot Company: Privileged Access Management (PAM) in 12th Cyber Defense Magazine’s...

HCL DevOps Deploy / Launch Vulnerability Let Embed arbitrary HTML tags

Recently identified by security researchers, a new vulnerability in HCL DevOps Deploy and HCL...

CISA Warns of Zyxel Firewalls, CyberPanel, North Grid, & ProjectSend Flaws Exploited in Wild

The Cybersecurity and Infrastructure Security Agency (CISA) has issued warnings about several vulnerabilities being...

HackSynth : Autonomous Pentesting Framework For Simulating Cyberattacks

HackSynth is an autonomous penetration testing agent that leverages Large Language Models (LLMs) to...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

Deloitte UK Hacked – Brain Cipher Group Claim to Have Stolen 1 TB of Data

Brain Cipher has claimed to have breached Deloitte UK and exfiltrated over 1 terabyte...

UK Healthcare Provider Hit by Cyberattack, Services Affected

Wirral University Teaching Hospital in the UK has been hit by a targeted cyberattack,...

SMOKEDHAM Backdoor Mimic As Legitimate Tools Leveraging Google Drive & Dropbox

UNC2465, a financially motivated threat actor, leverages the SMOKEDHAM backdoor to gain initial access...